According to Symantec, 13 apps from three developers—many in the official Android Market—have been carrying malicious chunks of code called Android.Counterclank, and are suspected of running on as many as five million phones, stealing info and running ads against the will of the device's owner.

Advertisement

ComputerWorld, speaking to Symantec, learned that the apps have been downloadable for over a month, and Symantec calls it the biggest Android malware outbreak to date.

Some of the 13 apps that Symantec identified as infected have been on the Android Market for at least a month, according to the revision dates posted on the e-store. Symantec, however, discovered them only yesterday.

Users had noticed something fishy before then.

"The game is decent ... but every time you run this game, a 'search icon gets added randomly to one of your screens," said one user on Jan. 16 after downloading "Deal & Be Millionaire," one of the 13. "I keep deleting the icon, but it always reappears. If you tap the icon you get a page that looks suspiciously like the Google search page."

The apps, distributed by iApps7, Ogre Games and redmicapps, are mostly games with titles such as Counter Strike Hit Force, Wild Man and Stripper Touch girl. Here's the full list:

UPDATE: Computerworld also posted a followup from an Android-centric security firm, Lookout, who claim that the behavior of these apps is on par with at least 10 other ad networks, and shouldn't be considered malware. They say Symantec has overblown their own findings. Symantec has yet to respond. [Symantec via ComputerWorld]